Since December 2018, the Epic Games Store has been running an aggressive weekly campaign of free game giveaways. That campaign is changing this week, but with no plans to stop offering freebies.
Instead, Epic updated the promotion with its first security-focused rule: If you want to claim EGS giveaways in the future, you’ll need to enable two-factor authentication (2FA).
The news appeared on Tuesday both on the official EGS site and as an automatic warning to EGS users on Windows and Mac. It explained that EGS will confirm the account information “periodically” with a 2FA notification when a user tries to claim free games between now and May 21. The company’s sole explanation for the change was as follows: “We understand this is a minor inconvenience for some, but we want to provide the best possible solutions to protect your Epic account.”
We reached out to Epic Games to ask if it had launched this campaign because of its own security breach or if the campaign came as a response to other recent gaming service breaches, most notably the leak of “160,000” Nintendo accounts from previous years. week. In an email to Ars Technica, Epic Senior PR and Communications Manager Nick Chester answered both questions with a flat “no.” Chester didn’t immediately clarify why Epic isn’t implementing this restriction until May 21.
Last week, Nintendo urged all of its users to activate 2FA on their Nintendo accounts, which proved to be an effective blocker against an exploit apparently targeting the outdated Nintendo Network (NNID) account system. Nintendo has since removed the ability to link NNID accounts to modern Nintendo accounts.
Before EGS launched in earnest, Epic Games had already dangled a carrot to encourage its users to use 2FA. That came in the form of a free ’emote’ dance move for his popular online shooter Fortnitewhich could be claimed as of August 2018 by following the same steps encouraged in today’s EGS news. Fortnite uses the same Epic account system as EGS, which originally only supported email as a 2FA protocol; that has since expanded to support TOTP apps like Duo, LastPass and Authy (what we suggest) and SMS (what we do not†